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Information Commissioner’s Office 


Management Board terms of reference 


Purpose 


1.1. The Management Board provides strategic direction to ensure the 
long term objectives for the organisation are met successfully and 
sustainably. The Board operates collectively, holding the Executive 
to account for the leadership and regulatory outcomes of the ICO. 


1.2. It has five main areas of focus: 


e Position of the organisation as the information rights regulator 
- setting the vision and mission and ensuring that all activities, 
either directly or indirectly, contribute towards it. Long-term 
horizon scanning, ensuring the strategic direction is based on a 
collective understanding of policy issues; using outside 
perspective to ensure that the ICO is challenged on its 
outcomes and understanding the perspective of others, in 
particular the regulated community and the public. 

e Setting the tone and culture of the ICO - setting the ICO’s risk 
appetite and ensuring controls are in place to manage risk; 
agreeing and monitoring the ICO’s people related strategies 
and plans, monitoring the organisation’s compliance culture 
and ensuring there is a clear vision for the way the ICO works 
and understanding of its values. 

e Ensuring the ICO has the capacity and capability it needs - 
determining sign-off of large operational projects or 
programmes; ensuring sound financial management; 
scrutinising the allocation of financial and human resources to 
achieve the plan and ensuring organisational design supports 
attaining strategic objectives. Evaluation of the Board and its 
members and succession planning to ensure the ICO has the 
capability to deliver and to plan to meet current and future 
needs. 

e Defining the perception of the ICO - agreeing plans and 
strategies; setting objectives for strategic engagement 
activities; driving the ICO to be a modern regulator, 
independent regulator. 

e Monitoring the performance of the ICO towards achieving its 
strategic goals - ensuring clear, consistent, comparable 


2.2. 


2.3. 


2.4. 


2.5. 


2.6. 


performance information is used to drive improvements and 
demonstrate the impact of the work of the organisation. 
Monitoring and steering performance against plan; scrutinising 
performance and setting the ICO’s standards and values, 
holding the Executive to account for delivery of its plans and 
strategies. 


Responsibilities 


The Board should ensure that arrangements are in place to enable 
it to discharge its responsibilities effectively, including: 


° formal procedures for the appointment of new Board 
members, tenure and succession planning for Board members 
and senior officials; 

e allowing sufficient time for the Board to discharge its collective 
responsibilities effectively; and 

° induction arrangements on joining the Board. 


The Board should ensure that there are satisfactory systems for 
identifying and developing leadership and high potential, 
scrutinising the incentive structure and succession planning for the 
Board and senior leadership, and scrutinising governance 
arrangements. 


The Board should agree and document an appropriate system to 
record and manage conflicts and potential conflicts of interest of 
Board members. 


The Board should ensure that there are arrangements for 
governance, risk management and internal control for the ICO. 
Advice about and scrutiny of key risks is a matter for the Board, 
supported by: 


° an Audit Committee, chaired by a suitable Non-executive 
Director; 

° an internal audit service operated to Public Sector Internal 
Audit Standards 


The Board should take the lead on, and oversee the preparation of, 
the ICO’s governance statement for publication in its Annual 
Report and Accounts. 


The Head of Internal Audit should be invited to attend Board 
meetings periodically, where key issues are discussed relating to 
governance, risk management or internal control across the ICO. 


2.7. 


3.1. 
3.2: 


3.3. 


3.4. 


4.2. 


4.3. 


The Board should assure itself of the effectiveness of the ICO’s risk 
management system and procedures and its internal controls. The 
Board should give a clear steer on the desired risk appetite for the 
ICO and ensure that: 


e there is a proper framework of prudent and effective controls, 
so that risks can be assessed, managed and taken prudently; 

e there is clear accountability for managing risks; 

° officials are equipped with the relevant skills and guidance to 
perform their assigned roles efficiently and effectively. 


Authority 
The Board’s authority derives from the Information Commissioner. 


As a Corporation Sole, all formal powers and duties rest with the 
Commissioner. In line with the scale and complexity of the ICO's 
role and remit the Commissioner has formally delegated 
responsibility through the ICO's Management Agreement with its 
Government sponsor department (and these Terms of Reference) 
for the strategic leadership of the ICO to the Management Board, 
of which the Information Commissioner is the Chair. 


The Board operates based on collective decision making principles 
and a ‘majority vote' in circumstances where a consensus view 
cannot be reached. 


The Commissioner, as a Corporation Sole, will always have the 
right to set a course of action that is contrary to the majority view 
of the Board. In such circumstances, which are only expected to be 
invoked in rare and special cases, the Commissioner agrees to 
document their rationale for their decision. This will be published 
as part of the Commissioner's Annual Governance Statement in the 
ICO's Annual Report to Parliament. 


Composition 
The Board consists of Executive and Non-Executive members. 


Executive Members include the Information Commissioner and 
members of the Executive Team. 


Non-Executive members will outnumber the Executive members. 
Non-Executive members will be appointed by a panel chaired by 
the Information Commissioner and including a representative from 
the ICO's Government Sponsor Department. 


4.4. 


4.5. 


4.6. 


6.2. 


7.i. 


8.1. 


There will be a Senior Independent Director designated by the 
Commissioner from amongst the non-Executive members. This 
Director is responsible for chairing Board meetings in the absence 
of the Information Commissioner and for representing the views of 
the Non-Executive members of the Board where necessary. 


There will be two Senior Executive members designated by the 
Commissioner from amongst the Executive members. One will be 
responsible for the ICO's day-to-day leadership, performance and 
administration. The other will be responsible for the ICO's 
regulatory decisions and outcomes. 


The Board is chaired by the Information Commissioner or, in her 
absence, by the Senior Independent Director. 


Quorum 
The Board is quorate with six members present. 
Information requirements 


The Board should ensure that arrangements are in place to enable 
it to discharge its responsibilities effectively, including the timely 
provision of information in an appropriate form and quality. This 
should include quarterly reports on: 


e income and expenditure; 

e operational performance; 

e strategic information rights issues; and 
e risk. 


The Board should also receive minutes from the following 
governance committees that report to it: 


e Executive Team; 

e Senior Leadership Team; and 

e Audit Committee. 

Budget 

The Management Board is not responsible for a specific budget. 
Secretariat 

Secretariat is provided by the Corporate Governance Team. 


Frequency of meetings 


9.1. The Board should meet at least four times annually. 
10. Evaluation 


10.1. The Board should ensure that arrangements are in place to enable 
it to discharge its responsibilities effectively, including a formal 
annual evaluation of the Board’s performance and that of its 
committees, and of individual Board members. 


Annex: Transitional Arrangements 


To implement these changes, the Commissioner will designate a Senior 
Independent Director and two Senior Executives from within the existing 
Board. They will have their job descriptions and/or contracts updated 
accordingly. We will also review the terms and conditions of the Non 
Executives to reflect the increased workload now associated with the role. 


The two Senior Executive roles will be identified from 1 January 2020 and 
the Senior Independent Director will be identified by the Board's March 
2020 meeting. Any override of the collective decisions of the Board from 
that time until 31 March 2020 will be documented in the 2019/20 Annual 
Report. 


The changes to these Terms of Reference will be reflected in the ICO’s 
2019/20 Annual Report and in the ICO/DCMS Management Agreement. 


